CVE-2026-4242

Sažetak

A security flaw has been discovered in BabyChakra Pregnancy & Parenting App up to 5.4.3.0 on Android. This affects an unknown function of the file file app/babychakra/babychakra/Configuration.java of the component app.babychakra.babychakra. Performing a manipulation of the argument SEGMENT_WRITE_KEY results in unprotected storage of credentials. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitability is reported as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Reference

https://vuldb.com/?ctiid.351184
https://vuldb.com/?id.351184
https://vuldb.com/?submit.771429
https://www.notion.so/Segment-Write-Key-Exposure-Leading-to-Data-Injection-and-User-Profile-Manipulation-In-app-babychakra-3192de3f97fb8084b6b5cb06f96cdf57?source=copy_link

CVSS

Base:	1.0
Impact:	2.9
Exploitability:	1.5

Pristup

Vektor	Složenost	Autentikacija
LOCAL	HIGH	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:H/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

17-03-2026 - 14:20

Objavljeno

16-03-2026 - 15:16